DJI please fix this: potential vulnerability in sparky's security
ImHereToCrash
Second Officer

My word of advice to users: change the SSID to something more obscure and generic, and the password to something other than the default 12341234. Not specifically because someone can take control (but this may be possible, I don't know), but because someone can launch a denial of service attack against the RC. Even though the RC has blocked access to material/content/objects, with a packet sniffer you can still see some of them in transit when connected, and use that to launch request flooding, causing disruption and disconnection. This even occurs when using OTG like I do; the RC is still emitting Wi-Fi that can be connected to. The front-end material/objects and such are not accessible, so no app will run or be able to view the video, I don't think; however, on the back end there are still things in transit that can be used against itself.


Why is this even relevant? Well, it's mostly precautionary. It's unlikely you will encounter a malicious hacker wanting to denial-of-service your Spark/RC and cause it to have bad behavior or disconnect; however, if you frequent parks or something and someone has seen you a lot there, it is possible you could garner the wrong attention of someone with less than good intentions.

I do not claim to be a hacker or to understand software security extremely well; I'm learning as I go and hoping to share useful and helpful things. Please, everyone, change your SSIDs related to DJI products, especially the Spark, and more importantly change the password to something that isn't as easy as 12341234.

NOTE to DJI: please, please fix this in a firmware update for both the Spark and the RC, for example by demanding a new password on launch, or giving the option to generate one, or something. And make it so that if you're using OTG with the RC, the Wi-Fi isn't visible and uses a randomly generated password.


EDIT: adding info to this, apparently you cannot change the password/network name of the RC using the standard DJI GO 4 app, at least. What a huge vulnerability DJI left in there!
EDIT: you can, but not on OTG; you have to switch back to Wi-Fi mode. EDIT: DJI has a mess to clean up. Now I managed to make it generate multiple SSIDs.
EDIT: cleared up after a normal reboot. You can change the SSID and password in the app! Just a bit buggy.


2017-8-4
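The post above makes two points worth backing with a concrete check: a factory passphrase (12341234) shared by every RC, broadcast alongside a recognisable SSID, and the claim that a joined client can sniff traffic in transit. The script below is an added example, not code from the thread or from DJI; it assumes nothing about the RC's firmware. It uses the WPA2-PSK derivation defined in IEEE 802.11i (PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)) to show that with a public default passphrase and a known SSID the pairwise master key is identical on every unit and can be derived offline; with that key and a captured 4-way handshake, a WPA2-PSK client can decrypt other clients' unicast traffic, which is what makes the sniffing concern real. It also validates a replacement passphrase against the WPA2-PSK constraints and generates one from the OS CSPRNG. The SSIDs and the default list are constructed placeholders, not DJI identifiers.

```python
"""Added example, not from this thread or from DJI's own software.

1. Why a factory-default passphrase shared by every unit is a problem on WPA2-PSK:
   PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes) per IEEE 802.11i,
   so anyone who knows the default passphrase and SSID can derive the key once,
   join the network, and decrypt other clients' traffic after capturing their
   4-way handshake.
2. What a replacement passphrase must satisfy, and how to generate one.
SSIDs below are constructed placeholders, not real DJI identifiers.
"""
import hashlib
import secrets
import string
from typing import List

# Constructed list: the default named in the thread plus a few other common
# factory values. A real audit list would be longer.
KNOWN_DEFAULT_PASSPHRASES = {"12341234", "12345678", "00000000", "password"}

# Assumption: placeholder SSIDs standing in for an RC's factory SSID and a renamed one.
EXAMPLE_DEFAULT_SSID = "RC-EXAMPLE-DEFAULT"
EXAMPLE_RENAMED_SSID = "garden-sensor-7"


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK derivation from IEEE 802.11i: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits.
    The SSID is the salt, so it is the only per-network input when the passphrase
    is a shared default."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def psk_is_precomputable(passphrase: str) -> bool:
    """True if an attacker could derive the PMK without ever touching this unit:
    the passphrase is a known default and the SSID is broadcast in beacons."""
    return passphrase in KNOWN_DEFAULT_PASSPHRASES


def passphrase_problems(passphrase: str) -> List[str]:
    """Reasons a candidate passphrase is unacceptable; an empty list means OK."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("WPA2-PSK passphrases must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        problems.append("only printable ASCII is allowed")
    if passphrase in KNOWN_DEFAULT_PASSPHRASES:
        problems.append("known factory default")
    if passphrase.isdigit():
        problems.append("digits only: trivially brute-forced offline")
    if len(set(passphrase)) < 5:
        problems.append("too few distinct characters")
    return problems


def generate_passphrase(length: int = 20) -> str:
    """Random passphrase from the OS CSPRNG. Letters and digits only, to avoid
    entry problems in a mobile app's password field."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    default_key = wpa2_psk("12341234", EXAMPLE_DEFAULT_SSID)
    print("PMK for default passphrase + placeholder SSID:", default_key.hex())
    print("precomputable without seeing the unit:", psk_is_precomputable("12341234"))
    print("problems with 12341234:", passphrase_problems("12341234"))
    new_pass = generate_passphrase()
    print("generated replacement:", new_pass, passphrase_problems(new_pass))
```

Renaming the SSID alone changes the derived key (the SSID is the PBKDF2 salt) but buys little, since the SSID is broadcast in the clear; the passphrase is what has to change. The same holds in OTG mode as described in the post: if the RC keeps broadcasting, the Wi-Fi passphrase still protects whatever crosses that link.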
DJI Thor
Administrator

Thanks for your feedback. But we don't support changing the password of the RC with the latest firmware and app at the moment; I'll transfer this request to our engineers. Besides, the connection between the Spark RC and the mobile device via OTG cable has not been fully tested, so I would suggest that you use it with caution.
2017-8-4
SafariMan
lvl.4

DJI Thor Posted at 2017-8-4 22:19
> Thanks for your feedback. But we don't support changing the password of the RC with the latest firmware and app at the moment; I'll transfer this request to our engineers. Besides, the connection between the Spark RC and the mobile device via OTG cable has not been fully tested, so I would suggest that you use it with caution.

So why is DJI selling the otg adapter under the spark accessories on the official DJI store?
2017-8-4
DJI Thor
Administrator

SafariMan Posted at 2017-8-4 22:48
> So why is DJI selling the otg adapter under the spark accessories on the official DJI store?

If we are talking about this accessory: http://store.dji.com/product/dji-goggles-micro-usb-otg-cable, that's for supporting DJI Goggles. It is used together with the DJI Goggles' USB cable to transmit video feedback and control data between the Spark remote controller and the DJI Goggles.
2017-8-5
fansa7dc5944
lvl.4

At first, I did worry about the RC Wi-Fi password, which is the same for all RCs sold (12341234) and not changeable. I just made a test connecting two iDevices to the same RC and found that even though the second mobile can connect to the RC, it can do nothing. It seems that the RC does not allow a connection between the second mobile and the Spark, so no "Enter Device" is enabled. Tap into it and only "Disconnected" is shown. So I may say the Spark is secure when connected to the first mobile connected to the RC.
2017-8-5
Rawsome
lvl.4

The first thing I was looking for while setting up Sparky was to change the default SSID and password; you would naturally do that with anything, really, right?!
Yes, realistically the odds are slim that someone will try to hijack your drone, but that's beside the point.
We should be able to change this to improve security.
You wouldn't want to leave your Wi-Fi at home at the default user/password, right?
2017-8-5
SafariMan
lvl.4

DJI Thor Posted at 2017-8-5 05:06
> If we are talking about this accessory: http://store.dji.com/product/dji-goggles-micro-usb-otg-cable, that's for supporting DJI Goggles. It is used together with the DJI Goggles' USB cable to transmit video feedback and control data between the Spark remote controller and the DJI Goggles.

Ok, I got it. Thanks for the answer.
2017-8-5
DJI Thor
Administrator

SafariMan Posted at 2017-8-5 09:47
> Ok, I got it. Thanks for the answer.

You are welcome. Should you have any further questions, please feel free to contact us. We'd be glad to help.
2017-8-6
$gambino$
lvl.4

But that's funny: DJI says the Spark isn't compatible with the Goggles, come on... There are threads on here about that, so what is the cable for again?
2017-8-6
DJI Susan
Administrator

Update: The latest firmware (released on 26th July) has revised this feature and the RC password can be changed now, please kindly note.
[image: Spark Release Note.png]
2017-8-7
ImHereToCrash
Second Officer

DJI Susan Posted at 2017-8-7 18:19
> Update: The latest firmware (released on 26th July) has revised this feature and the RC password can be changed now, please kindly note.

Yes, but the vulnerability still exists by default. So it would be nice if, on startup and linking out of the box, the Spark/app asked for a new password that it can carry with it as it changes channels, instead of users still having to dig for it.

And it was buggy changing passwords, especially over OTG.
2017-8-7
DJI Diana
Administrator

Hi all, update: it is now possible to change the Wi-Fi SSID and password of the RC, with the latest app version and firmware. [image: Spark wifi.png]
2017-8-7
ImHereToCrash
Second Officer

DJI Diana Posted at 2017-8-7 18:43
> Hi all, update: it is now possible to change the Wi-Fi SSID and password of the RC, with the latest app version and firmware. [image: Spark wifi.png]

Can we have it built into the app in an update, where it asks us on first startup (or after a complete reset) to change the password, or generates one between the RC and Spark (only) that is hidden when on OTG?

Also, I think everyone should be advised to change their password. So until we get a firmware update to address it, can you guys post an advisory at the top of the forum page about this?
2017-8-7